General
-
Target
AGRMT_06052020_195.doc
-
Size
220KB
-
Sample
200609-sckd12lv82
-
MD5
bc8cf7a3c840dc88cfa89f69852e46e6
-
SHA1
1528a5750c9072ebbc963687079c010b18240c9e
-
SHA256
e0dffa6bd2f4dd302690fc57b659149f59c394b4235edf33bf6a10ba0873dafc
-
SHA512
c2ed63d68e2f23917f448e8bda38058f7c6c02fce9b6fdd474983bed4e0e089759407d214f5eb307eb58101017a9918fae0307bdd10d1634ff26084eed7ea317
Malware Config
Extracted
http://salwadm.com/tcphx/8888888.png
Extracted
http://flipkenya.com/nujazbwrhjy/8888888.png
Extracted
qakbot
spx135
1591627649
89.32.216.156:443
74.222.204.82:443
24.183.39.93:443
97.93.211.17:443
80.14.209.42:2222
96.35.170.82:2222
151.73.124.242:443
98.110.231.63:443
108.227.161.27:995
173.3.132.17:995
31.5.41.52:443
24.122.228.88:443
5.107.208.94:2222
76.185.136.58:443
50.29.166.232:995
73.210.114.187:443
92.114.107.193:995
24.43.22.220:993
50.247.230.33:995
72.142.106.198:465
Targets
-
-
Target
AGRMT_06052020_195.doc
-
Size
220KB
-
MD5
bc8cf7a3c840dc88cfa89f69852e46e6
-
SHA1
1528a5750c9072ebbc963687079c010b18240c9e
-
SHA256
e0dffa6bd2f4dd302690fc57b659149f59c394b4235edf33bf6a10ba0873dafc
-
SHA512
c2ed63d68e2f23917f448e8bda38058f7c6c02fce9b6fdd474983bed4e0e089759407d214f5eb307eb58101017a9918fae0307bdd10d1634ff26084eed7ea317
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Qakbot/Qbot
Qbot or Qakbot is a sophisticated worm with banking capabilities.
-
Blacklisted process makes network request
-
Executes dropped EXE
-
Loads dropped DLL
-